id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux
3304,"[patch] Support ""httponly""-attribute in session cookie.",arvin,nobody,"The cookie used for the session id should get the ""httponly""-attribute to mitigate XSS.
See [http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp].
",enhancement,closed,Core (Other),master,normal,fixed,session security,sam@… jedie Jari Pennanen andy@… johann@… james@…,Accepted,1,0,1,0,,